goliver
Article Id 196569

Description

For complete Information Disclosure detection on FortiWeb, favicon.ico has to be removed from the Predefined Global White List.

FortiWeb does not perform any signature detection, including Information Disclosure, on HTTP traffic that matches the global white list. Because /favicon.ico is on that list by default and is requested by nearly every browser, the server's response headers for this file are passed through unchanged, so any request to it reveals the full server information, whether or not the file exists.

Example when favicon.ico is missing (the 404 response still discloses the server platform):

GET /favicon.ico HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: cookiesession1=OALGMDARRED9XSY4I304CO9CSCBP88CS
Connection: keep-alive

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-CustomeName: MyCustomValue
X-Powered-By-Plesk: PleskWin
Date: Mon, 24 Nov 2014 10:06:32 GMT
Content-Length: 1058

Example when favicon.ico exists:

GET /favicon.ico HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: cookiesession1=V6P4S17H3LIAN2HF289Q1YPSYV8RLXJG
Connection: keep-alive

HTTP/1.1 200 OK
Content-Type: image/x-icon
Last-Modified: Sat, 16 Jul 2011 11:59:03 GMT
Accept-Ranges: bytes
Etag: "eaddc8c1af43cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-CustomeName: MyCustomValue
X-Powered-By-Plesk: PleskWin
Date: Mon, 24 Nov 2014 17:34:26 GMT
Content-Length: 1150

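The following is an added example, not FortiWeb code: a minimal model of the decision the article describes, where the global white list is consulted before any signature check. It parses the 404 response above and shows that the Server and X-Powered-By headers are only flagged once /favicon.ico is no longer whitelisted. The header set used as the Information Disclosure signature is an assumption and is far smaller than FortiWeb's real signature set.

```python
# Added example (not FortiWeb's code): a minimal model of the behaviour the
# article describes. The WAF consults the global white list before running any
# signature checks, so a whitelisted URL such as /favicon.ico passes through
# even when its response headers disclose server details.
from typing import Dict, List, Set, Tuple

# Constructed sample: the 404 response from the article, as raw HTTP text.
SAMPLE_404 = (
    "HTTP/1.1 404 Not Found\r\n"
    "Content-Type: text/html\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "X-CustomeName: MyCustomValue\r\n"
    "X-Powered-By-Plesk: PleskWin\r\n"
    "Date: Mon, 24 Nov 2014 10:06:32 GMT\r\n"
    "Content-Length: 1058\r\n\r\n"
)

# Assumed signature set: header names whose values reveal the server platform.
DISCLOSURE_HEADERS = {"server", "x-powered-by", "x-powered-by-plesk", "x-aspnet-version"}


def parse_response_headers(raw: str) -> Dict[str, str]:
    """Split a raw HTTP/1.1 response head into a lower-cased header dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def information_disclosure_findings(headers: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return the (header, value) pairs that leak platform details, sorted by name."""
    return sorted((h, v) for h, v in headers.items() if h in DISCLOSURE_HEADERS)


def inspect(url: str, raw_response: str, global_white_list: Set[str]) -> List[Tuple[str, str]]:
    """Model the WAF decision: a whitelisted URL skips signature detection entirely."""
    if url in global_white_list:
        return []  # no signature detection at all, Information Disclosure included
    return information_disclosure_findings(parse_response_headers(raw_response))


if __name__ == "__main__":
    default_white_list = {"/favicon.ico"}  # the predefined entry the article says to remove
    print("whitelisted:", inspect("/favicon.ico", SAMPLE_404, default_white_list))
    print("removed:    ", inspect("/favicon.ico", SAMPLE_404, default_white_list - {"/favicon.ico"}))
```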